In Paper 1 you discussed information security issues faced by organizations and described threats to information assets. Your assignment for Paper 2 is to analyze specific countermeasures for each of
Running head: INFORMATION SECURITY
Information security threats
Shiva Kumar Pagadala
Emerging Threats and counter measures
University of the Cumberlands
05/31/2019
Introduction
Information security is the practice of preventing third parties from accessing, manipulating, editing, changing, or compromising an organization's information resources. For organizations, this kind of protection provides a cutting edge over the competition. Their data carries the business secrets and strategies that enable them to stay ahead of, or cope with, the stiff competition in the market. Therefore, organizations go to a great deal of trouble to secure their networks and protect their information. In this era of advanced cyber knowledge, they must identify the information security risks they face in order to be better prepared if a risk materializes (Singh, 2019). According to InfoSec professionals, global cybersecurity threats have been rising in recent years. This is further compounded by ever-developing technology that is hard to keep up with. The effect has been a surge in serious information security threats to all agencies, governmental and non-governmental. These threats range from simple to more sophisticated ones. They include basic threats rooted in human error, threats designed to exploit the weak spots of even the most organized systems, and advanced ransomware. Organizations have been forced to bolster their expertise by training their information security teams to cope with the mounting threats.
Information security issues faced by organizations
Potential insider threats. This kind of threat comes in two variations: deliberate malicious intent and unintentional, basic human error. The distinction between the two is clear. Deliberate malicious intent involves someone within the organization who has the technical know-how and understands what they are doing. They purposefully aid data leaks from the organization. These data leaks pose a substantial threat to the infrastructure of the organization (Minkevics, 2020). Cases of deliberate insider leaks, though rare, are among the most damaging and the hardest to trace, since they originate from within and the digital footprints tend to be well hidden. Unintentional threats can be daily occurrences, arising mainly from the personal devices and numerous identities that connect to the workplace network every day. Gadgets that can connect to the internet tend to communicate using unauthorized security protocols. An organization's information resources are therefore leaked through these devices, or to third parties that may use the information to the disadvantage of the organization. A user who is unaware of the security threats can easily create weak points to be exploited, increasing the likelihood of security threats to the organization. This is why every organization must provide basic cybersecurity training to all employees as a risk-avoidance measure.
External breaches. This threat is arguably the most damaging and has a higher chance of occurrence. Despite their efforts to create a durable security fabric, most organizations are still vulnerable as far as their security framework is concerned. Most of the blame lies with organizations that fail to understand the need for a well-trained, well-equipped, expert information security team. Information security should be treated as a top priority, just as much as other security threats like terrorism. Hacking is the greatest threat as far as external breaches are concerned. Employees may also fall prey to internet loopholes and send out sensitive data that exposes the organization's vulnerabilities. Incorrectly configured environments, inadequate security codes, and substandard application designs are the most significant weak links that result in external breaches. However, external breaches can be averted and prevented if the security team reinforces the security codes using the right code. Hackers can then be locked out of the organization's system (Minkevics, 2020).
The rise in Crime-as-a-Service. This is a newly developing threat, best known on the dark web. Crime has evolved into this format, in which a group of criminals with technical cyber skills builds advanced tools and packaged services. The group rents out or sells its 'kits' to other criminals who have less knowledge and experience. This poses a huge threat to information security, since it sets the bar low for inexperienced criminals to launch cyber-attacks on organizations' systems. In 2007, Crime-as-a-Service was flagged by a Europol study as one of the major facilitators of crimes against the information security of organizations and corporations globally. The kit offered as Crime-as-a-Service is purposefully designed to steal data and hold it for ransom. Take the example of a leading organization in its field falling prey to CaaS, with the perpetrators threatening either to release its trade secrets to the public or to sell them to a competitor. The organization would be forced to pay huge amounts to recover the stolen information. What makes matters worse is that CaaS enables even hackers with no experience to launch damaging attacks on the networks of a well-organized system. It is like an armory for every hacker who gets their hands on it (Young, 2016).
Weak links in the supply chain. Every organization that offers goods and services has to have a supply chain. No organization is air-tight as far as the security of information is concerned. In some scenarios, the organization may have an up-to-date security system that is well maintained and protected, but its data does not remain only within its own networks. In developing a good or offering a service, sensitive information about the good or service, the technology used, or the operations of the organization circulates to the other parties involved in the cycle. One such party is the vendors. This exposes the organization's information to those other parties, making the organization vulnerable, since the data is now outside its protection. The parties may choose to use that sensitive information for malicious purposes, and even where they choose not to, the data is still exposed to other threats. If the systems of those parties are compromised by hackers, the organization's data stored in those systems will be exposed for the hackers to manipulate.
Internet-related security breaches. The internet, as we know it, is a highly connective platform where devices of every nature, including phones, tablets, laptops, and desktops, can be connected over a central network (C, 2020). These connections can be made through Wi-Fi, which is available on the organization's premises. For connectivity to be achieved, specific data has to be input so that the devices can perform effectively. That input information loops throughout the network system. This constant looping opens gateways, which may act as weaknesses to be exploited by a third party from outside the organization who is connected to the Internet of Things.
Specific threats to information assets
A threat can be defined as a potential risk that may cause damage to a system, data, or infrastructure resource of an organization if it occurs. Because of the evolving level of technology, organizations have to deal with a wide range of threats to their nonphysical assets (Rajnoha, 2017). These assets are a collection of information with value to the organization. They include intellectual property, trade secrets, products and services, strategies, programs, target consumers, marketing strategies, regular clients, business operations, finances, legal compliance, research and development, and organization culture. This valuable information is under threat from various factors; however, we will focus on these five: software attack, malware, stealing of intellectual property, theft of identity through misrepresentation, and corporate sabotage.
Software or malware attacks. This refers to attacks by viruses, worms, trojans, and bots. It is easy to mistake all of these for one thing, but they differ in many ways. What they share is that they are all malicious software, even though they have different effects when attacking a system. The word malware is a blend of two terms, malicious and software. In short, malware is software engineered maliciously so that it uses intrusive code to infiltrate and manipulate the operations of a program. Malware is classified in two ways: by infection technique and by malicious action. By infection method, we have viruses, worms, bots, and trojans. Viruses and worms both replicate on their own, with a small difference. Viruses replicate by hooking onto a program on the host, for example multimedia, from where they travel through the internet. Worms, on the other hand, do not hook themselves onto a program but can be passed on to a target computer on the same network. They do less harm and tend to eat up storage on the target computer, thereby slowing it down. Trojans take their name from the legend of the Trojan horse in Greek mythology (Rajnoha, 2017). A Trojan conceals itself in authentic-looking software. When the user executes the program, the Trojan is released and steals data or serves whatever purpose it was designed for. Trojans mostly serve as backdoor gateways into a system, allowing theft of critical data without being noticed by the person who ran them. Bots are a more advanced version of worms and need minimal human intervention to operate. They can be either good or bad. By action, malware comes in the form of spyware, adware, zombies, rootkits, scareware, and ransomware.
Intellectual property theft has caused losses to various industries. Intellectual property consists of innovations that originate from the creativity of individuals and are unique to the individual or organization, which uses them to generate profits. Organizations protect their intellectual property because it allows them to stay steps ahead of the competition, which is legally restricted from using the same production techniques. Intellectual property includes copyrights, patents, industrial designs, trademarks and trade secrets, and other geographical indications. Theft of such property therefore means stealing from people and organizations their brilliant ideas, inventions, and creative expressions, which range widely from trade secrets and patent rights over production and parts to multimedia productions and new software designs. This is an evolving threat, especially due to the increase in digital technology skills and the ease of sharing. It is a violation of the rights of these organizations and is punishable by law. In the U.S., intellectual property theft robs U.S. businesses of billions of dollars annually, reducing jobs and tax revenues by billions of dollars.
Identity theft. This refers to pretending to be someone else in order to gain unauthorized access to a person's confidential data, or to manipulate vital information at their disposal, through their computers or social media accounts by logging in with their credentials. In organizations, certain high-ranking individuals such as managers, chief executive officers, and board members have high-level security clearance to access information vital to the organization's operations and success. These individuals may find themselves the target of schemes by outside parties to exploit their clearance and gain access to the information they hold. Targeted information that can be manipulated ranges from names and physical and e-mail addresses to credit card information, Social Security numbers, and bank account information. Once there is a breach through identity theft, the credibility of all the information is ruined. Any case of identity theft in an organization should be monitored, reported to the authorities, and proven, and passwords should be reset immediately.
Sabotage. This involves the destruction of an organization's website so as to damage customer confidence in the organization. Sabotage is sometimes foul play in business, carried out by competitors to bring down rivals. This kind of aggression is illegal and prosecutable by law. Once an organization's website has been brought down, customers tend to lose faith in the protection of their own data when they communicate with the enterprise. As a result, most organizations crumble, since customers are the most important factor in a business (Singh, 2019).
Conclusion
For every organization, a proper investment must be made against any form of threat towards the security of information assets. Information is the essential asset of the organization, and preparedness for any danger is a risk management procedure.
References
C, Pranav. “CYBER SECURITY ISSUES & CHALLENGES FACED IN HANDLING CYBERCRIMES.” 2020, doi:10.31224/osf.io/5chks.
Minkevics, Vladislavs, and Janis Kampars. “Methods, Models and Techniques to Improve Information System’s Security in Large Organizations.” Proceedings of the 22nd International Conference on Enterprise Information Systems, 2020, doi:10.5220/0009572406320639.
Rajnoha, Rastislav, et al. “Information Systems For Sustainable Performance Of Organizations.” Journal of Security and Sustainability Issues, vol. 7, no. 1, 2017, pp. 167–179, doi:10.9770/jssi.2017.7.1(14).
Singh, Abhishek Kumar, et al. “Extracting and Summarizing the Commonly Faced Security Issues from Community Question Answering Site.” International Journal of Information Security and Privacy, vol. 13, no. 3, 2019, pp. 48–59, doi:10.4018/ijisp.201907010103.
Young, Carl S. “Information Security Threats and Risk.” Information Security Science, 2016, pp. 3–27, doi:10.1016/b978-0-12-809643-7.00001-2.